Chinese Hacking Groups Target COVID-19 Research Organizations

Organizations engaged in researching SARS-CoV-2 and COVID-19 have been warned that hackers associated with the People's Republic of China (PRC) are targeting them and that they need to take steps to safeguard their systems from attack.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security have cautioned that organizations in the healthcare, pharmaceutical, and research sectors involved with testing methods, SARS-CoV-2 vaccines, and treatments for COVID-19 are being targeted by hackers trying to gain access to research information to advance the PRC's research program. The Trump Administration likewise cautioned that cyber espionage campaigns directed at COVID-19 research organizations are currently being carried out by hackers connected to Iran.

In the alert, CISA and the FBI warn that the attackers are stealing intellectual property, which jeopardizes the delivery of safe, effective, and reliable treatment options. All institutions engaged in COVID-19 research were instructed to implement the recommended mitigations immediately to prevent surreptitious review and theft of COVID-19 related information.

CISA states that press attention affiliating a company with COVID-19 research is likely to lead to increased interest and cyber activity, so organizations should assume that they will be specifically targeted. Patching should be brought up to date, and critical vulnerabilities must be resolved on all systems. Where patches cannot yet be applied, mitigations must be put in place until patching is possible. Top priority must be given to vulnerabilities known to have been exploited by threat actors, as well as vulnerabilities on internet-connected servers and in software that processes internet data.

All web applications must be scanned for anomalous activity that may indicate unauthorized access. Checks should also be carried out to detect any changes that were made to the applications. Authentication requirements must be strengthened, and multi-factor authentication must be enforced.

Scans must also be carried out to identify unusual user activity. If anomalous behavior is detected, access must be promptly suspended pending further investigation. If suspicious or criminal activity is discovered, the local FBI field office must be informed. CISA and the FBI are going to release technical details regarding the threats and cyberattacks in the coming days.